mirror of
https://github.com/slackhq/nebula.git
synced 2025-01-11 20:08:12 +00:00
6c55d67f18
There are some subtle race conditions with the previous handshake_ix implementation, mostly around collisions with localIndexId. This change refactors it so that we have a "commit" phase during the handshake where we grab the lock for the hostmap and ensure that we have a unique local index before storing it. We also now avoid using the pending hostmap at all for receiving stage1 packets, since we have everything we need to just store the completed handshake. Co-authored-by: Nate Brown <nbrown.us@gmail.com> Co-authored-by: Ryan Huber <rhuber@gmail.com> Co-authored-by: forfuncsake <drussell@slack-corp.com>
package nebula
// Handshake subtypes. HandleIncomingHandshake compares these against the
// Subtype field of an incoming header, so the numeric values are written out
// explicitly instead of being derived from declaration order.
const (
	// handshakeIXPSK0 is the only subtype HandleIncomingHandshake dispatches.
	// The name suggests the Noise IX pattern with the psk0 modifier.
	handshakeIXPSK0 = 0

	// handshakeXXPSK0 is declared but has no case in HandleIncomingHandshake,
	// so a packet carrying it is dropped there without further processing.
	handshakeXXPSK0 = 1
)
// HandleIncomingHandshake routes a received handshake packet to the matching
// IX handshake stage.
//
// The sender address is checked against the lighthouse remote allow list
// before anything else; a denied sender is logged at debug level and the
// packet is dropped. Only subtype handshakeIXPSK0 is handled, and within it
// only message counters 1 and 2. Any other subtype or counter is dropped
// silently.
//
// The hostinfo parameter is not read by this function.
func HandleIncomingHandshake(f *Interface, addr *udpAddr, packet []byte, h *Header, hostinfo *HostInfo) {
	// Gate on the allow list first so a denied address never reaches the
	// handshake stages.
	if !f.lightHouse.remoteAllowList.Allow(udp2ipInt(addr)) {
		l.WithField("udpAddr", addr).Debug("lighthouse.remote_allow_list denied incoming handshake")
		return
	}

	// Nothing below applies to other subtypes.
	if h.Subtype != handshakeIXPSK0 {
		return
	}

	switch h.MessageCounter {
	case 1:
		ixHandshakeStage1(f, addr, packet, h)

	case 2:
		// RemoteIndex comes from the received header, so this lookup can miss.
		// The error result is discarded and hi may be nil.
		// NOTE(review): ixHandshakeStage2 is called with hi even when it is
		// nil; confirm that it rejects a nil host info before using it.
		hi, _ := f.handshakeManager.QueryIndex(h.RemoteIndex)

		// Stage 2 always runs; the entry is deleted only when stage 2 asks
		// for a tear down and the lookup actually found one.
		if ixHandshakeStage2(f, addr, hi, packet, h) && hi != nil {
			f.handshakeManager.DeleteHostInfo(hi)
		}
	}
}